Configuring Sandstorm

Sophos
Sandstorm is a cloud-based service that provides enhanced protection against new and targeted attacks. You can configure the appliance to send suspicious files to Sandstorm for analysis or submit suspicious files on an individual basis. Sandstorm detonates the file to check for malware and sends the results to you. Because the analysis takes place in the cloud, your system is never exposed to potential threats.

About this task

This page of the administrative web interface is not available on a joined Web Appliance as this functionality has been shifted
to the Management Appliance.

The Configuration > Global Policy > Sandstorm page allows licensed users to enable Sophos
Sandstorm, a cloud service that executes and analyzes
suspicious downloads. If you do not have a license, you can obtain a 30-day trial license on
this page.

Once enabled, you can set default Sandstorm
profiles on the Configuration > Group Policy > Default Policy and Configuration > Group Policy > Special Hours pages. You can also select a custom Sandstorm profile for any additional policies you add or
edit.

To turn Sandstorm on or
off, click the On/Off switch.

You can view the current license status in the License status text
box.

Files to be analyzed by Sandstorm are transmitted using a secure SSL connection to a data
center in the cloud. Data centers are located in the United States and Europe. Sandstorm selects the closer data center according to
the location of the appliance.

You can override the default behavior by selecting a data center in the Sandstorm data center list.

Note

Changing
data centers may affect any analysis that is currently in progress.